VYPR

FOX

by WordPress

CVEs (2)

  • CVE-2024-8271HigSep 14, 2024
    risk 0.48cvss 7.3epss 0.01

    The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a…

  • CVE-2026-9241MedMay 28, 2026
    risk 0.28cvss 4.3epss 0.00

    The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the `get_value()` function in `classes/fixed/fixed_user_role.php` trusting…